AI-powered offensive security agent with 7,300+ actionable security skills. Autonomous pentesting powered by MITRE ATT&CK (2,000+ Atomic tests), CIS Benchmarks (1,500+ controls), OWASP, NIST. Lazy-loading, zero context pollution. Your AI red team.
# Add to your Claude Code skills
git clone https://github.com/CyberStrikeus/CyberStrikeGuides for using ai agents skills like CyberStrike.
npm i -g @cyberstrike-io/cyberstrike@latest && cyberstrike
That's it. CyberStrike launches a TUI in your terminal, asks for your LLM provider and API key on first run, and you're ready to go. Tell it what to test — it handles reconnaissance, vulnerability discovery, exploitation, and reporting autonomously.
Already have a Claude Code or OpenAI subscription? CyberStrike's intelligence layer sits on top of your existing AI subscription. No separate API costs — your current plan powers an entire pentest toolkit.
Explore the full documentation at docs.cyberstrike.io or visit cyberstrike.io for demos and guides.
CyberStrike isn't just a wrapper around an LLM. It's an intelligence layer that transforms any AI model into an offensive security specialist.
How it works: When you connect your LLM provider, CyberStrike injects domain-specific context — OWASP testing methodology, vulnerability patterns, attack chain reasoning, and tool orchestration logic — into every interaction. The model doesn't need to know security; CyberStrike teaches it.
What the intelligence layer provides:
15+ LLM providers supported out of the box:
| Provider | Models | Notes | | ------------------------- | ------------------------ | --------------------------------------- | | Anthropic | Claude 4.5, Claude 4 | Best performance with extended thinking | | OpenAI | GPT-4.1, o3, o4-mini | Full tool-use support | | Google | Gemini 2.5 Pro/Flash | Long context for large codebases | | Amazon Bedrock | All Bedrock models | IAM auth, no API keys needed | | Azure OpenAI | All Azure-hosted models | Enterprise deployments | | Groq | LLaMA, Mixtral | Ultra-fast inference | | Mistral | Mistral Large, Codestral | European data residency | | DeepSeek | DeepSeek V3, R1 | Cost-effective alternative | | OpenRouter | 100+ models | Single API, any model | | Together AI | Open-source models | Fine-tuning support | | Ollama | Any GGUF model | Fully offline, local-only | | LM Studio | Any local model | Desktop GUI + API server | | vLLM | Any HuggingFace model | Self-hosted, GPU-optimized | | Any OpenAI-compatible | — | Custom endpoints welcome |
Air-gapped environments? Run CyberStrike entirely offline with Ollama or LM Studio. No data leaves your machine — ever.
Specialized Security Agents, Not Generic Chat
CyberStrike ships with 13+ agents purpose-built for security domains. Each agent carries domain-specific methodology, tool knowledge, and testing patterns. The web-application agent follows OWASP WSTG. The cloud-security agent knows CIS benchmarks. The mobile agent uses Frida and follows MASTG/MASVS. They don't guess — they follow proven offensive security frameworks.
Intelligence Layer, Not Just an LLM Wrapper
Most AI security tools are thin wrappers that send your prompt to an API. CyberStrike's intelligence layer normalizes outputs across 15+ providers, guards context between test phases, auto-detects your provider configuration, and orchestrates multi-step attack chains. The result: consistent, methodology-driven pentesting regardless of which model you use.
Any LLM, Zero Lock-in
Anthropic, OpenAI, Google, Amazon Bedrock, Azure, Groq, Mistral, DeepSeek, OpenRouter, Together AI — or run fully offline with Ollama and LM Studio. You choose the model. You own the results. As AI models get better and cheaper, CyberStrike gets better with them. Switch providers in seconds without reconfiguring anything.
Remote Tool Execution with Bolt
Your security tools don't have to run on your laptop. Deploy Bolt on one or many remote servers, pair with Ed25519 keys, and control everything from your local terminal. One CyberStrike instance can orchestrate dozens of Bolt servers — each with its own toolkit, network position, and attack surface access.
Switch between agents with Tab. Each one is a domain specialist.
| Agent | Focus | What It Does | | ---------------------- | ------- | ------------------------------------------------------------------- | | cyberstrike | General | Full-access primary agent — reconnaissance, exploitation, reporting | | web-application | Web | OWASP Top 10, WSTG methodology, API security, session testing | | mobile-application | Mobile | Android/iOS, Frida/Objection, MASTG/MASVS compliance | | cloud-security | Cloud | AWS, Azure, GCP — IAM misconfigs, CIS benchmarks, exposed resources | | internal-network | Network | Active Directory, Kerberos attacks, lateral movement, pivoting |
Plus 8 specialized proxy testers that run automatically on intercepted traffic:
| Tester | What It Tests | | ------------------------ | ---------------------------------------------------------------------------- | | IDOR | Object-level access control — can user A reach user B's resources? | | Authorization Bypass | Vertical privilege escalation — can low-privilege users hit admin endpoints? | | Mass Assignment | Unexpected writable fields — role, price, balance, userId in request bodies | | Injection | SQL, command, LDAP, template injection across all input vectors | | Authentication | Token validation, session fixation, credential exposure | | Business Logic | Price manipulation, coupon reuse, race conditions, workflow bypass | | **SSR
No comments yet. Be the first to share your thoughts!